Analysis

  • max time kernel
    94s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17-09-2024 15:59

General

  • Target

    2024091768d6f593506c81b48a05363139063540cobaltstrikecobaltstrikepoetratsnatch.exe

  • Size

    5.0MB

  • MD5

    68d6f593506c81b48a05363139063540

  • SHA1

    8c86e47a672d00eaf5d9967f23156b19bca7d510

  • SHA256

    24fdf5cb3d32d3ecedf3c0a1164d31b5134703e0526d690e5b7e6d64258ce1ae

  • SHA512

    f8aa59a3d4e5bc97d81cb77f828e0f93f677456f8d7f7b706ff635a6fad7fb444c9689e82f24f1c32a3fa52b375b9a832a72f5bb70cd28e786f65967d9b90a0d

  • SSDEEP

    49152:r56uL3pgrCEdMKPFotsgEBr6GjvzW+UBA3Gd7po52xWKQY2v2V6liK1uOCeXvpnZ:r56utgpPFotBER/mQ32lUT

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024091768d6f593506c81b48a05363139063540cobaltstrikecobaltstrikepoetratsnatch.exe
    "C:\Users\Admin\AppData\Local\Temp\2024091768d6f593506c81b48a05363139063540cobaltstrikecobaltstrikepoetratsnatch.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:3548

Network

  • flag-us
    DNS
    149.220.183.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    149.220.183.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    1.181.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    1.181.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    104.219.191.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    104.219.191.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    228.249.119.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    228.249.119.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    s3.us-east-2.amazonaws.com
    2024091768d6f593506c81b48a05363139063540cobaltstrikecobaltstrikepoetratsnatch.exe
    Remote address:
    8.8.8.8:53
    Request
    s3.us-east-2.amazonaws.com
    IN A
    Response
    s3.us-east-2.amazonaws.com
    IN A
    52.219.110.169
    s3.us-east-2.amazonaws.com
    IN A
    52.219.102.41
    s3.us-east-2.amazonaws.com
    IN A
    52.219.233.161
    s3.us-east-2.amazonaws.com
    IN A
    52.219.177.169
    s3.us-east-2.amazonaws.com
    IN A
    52.219.92.121
    s3.us-east-2.amazonaws.com
    IN A
    52.219.104.122
    s3.us-east-2.amazonaws.com
    IN A
    16.12.66.97
    s3.us-east-2.amazonaws.com
    IN A
    52.219.105.25
  • flag-us
    DNS
    169.110.219.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    169.110.219.52.in-addr.arpa
    IN PTR
    Response
    169.110.219.52.in-addr.arpa
    IN PTR
    s3 us-east-2 amazonawscom
  • flag-us
    DNS
    61.39.156.108.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    61.39.156.108.in-addr.arpa
    IN PTR
    Response
    61.39.156.108.in-addr.arpa
    IN PTR
    server-108-156-39-61lhr50r cloudfrontnet
  • flag-us
    DNS
    26.165.165.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    26.165.165.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    15.164.165.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    15.164.165.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    233.143.123.92.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    233.143.123.92.in-addr.arpa
    IN PTR
    Response
    233.143.123.92.in-addr.arpa
    IN PTR
    a92-123-143-233deploystaticakamaitechnologiescom
  • flag-us
    DNS
    30.243.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    30.243.111.52.in-addr.arpa
    IN PTR
    Response
  • 52.219.110.169:443
    s3.us-east-2.amazonaws.com
    tls
    2024091768d6f593506c81b48a05363139063540cobaltstrikecobaltstrikepoetratsnatch.exe
    1.2kB
    7.5kB
    16
    19
  • 8.8.8.8:53
    149.220.183.52.in-addr.arpa
    dns
    73 B
    147 B
    1
    1

    DNS Request

    149.220.183.52.in-addr.arpa

  • 8.8.8.8:53
    1.181.190.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    1.181.190.20.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
    144 B
    1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    104.219.191.52.in-addr.arpa
    dns
    73 B
    147 B
    1
    1

    DNS Request

    104.219.191.52.in-addr.arpa

  • 8.8.8.8:53
    228.249.119.40.in-addr.arpa
    dns
    73 B
    159 B
    1
    1

    DNS Request

    228.249.119.40.in-addr.arpa

  • 8.8.8.8:53
    s3.us-east-2.amazonaws.com
    dns
    2024091768d6f593506c81b48a05363139063540cobaltstrikecobaltstrikepoetratsnatch.exe
    72 B
    200 B
    1
    1

    DNS Request

    s3.us-east-2.amazonaws.com

    DNS Response

    52.219.110.169
    52.219.102.41
    52.219.233.161
    52.219.177.169
    52.219.92.121
    52.219.104.122
    16.12.66.97
    52.219.105.25

  • 8.8.8.8:53
    169.110.219.52.in-addr.arpa
    dns
    73 B
    113 B
    1
    1

    DNS Request

    169.110.219.52.in-addr.arpa

  • 8.8.8.8:53
    61.39.156.108.in-addr.arpa
    dns
    72 B
    129 B
    1
    1

    DNS Request

    61.39.156.108.in-addr.arpa

  • 8.8.8.8:53
    26.165.165.52.in-addr.arpa
    dns
    72 B
    146 B
    1
    1

    DNS Request

    26.165.165.52.in-addr.arpa

  • 8.8.8.8:53
    15.164.165.52.in-addr.arpa
    dns
    72 B
    146 B
    1
    1

    DNS Request

    15.164.165.52.in-addr.arpa

  • 8.8.8.8:53
    233.143.123.92.in-addr.arpa
    dns
    73 B
    139 B
    1
    1

    DNS Request

    233.143.123.92.in-addr.arpa

  • 8.8.8.8:53
    30.243.111.52.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    30.243.111.52.in-addr.arpa

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.